Session token to session cookie SAML - Web Server

Walrus · March 19, 2019, 6:47pm

I’m working to authenticate a user with a 3rd party application that is OKTA enabled. I have been able to use the /authn endpoint to gather a session token. But I’m having trouble exchanging that token for a session cookie with an application on a web server. My setup is SAML so I’m not able to get a redirect uri to use with the /authorize endpoint.

I have tried using the embed link for the application with the session token and that DOES work to load into the application and create the session cookie. But if I attempt to have the server do a GET request on the same URI it will not create the same session cookie that can be used with an application.

Can I create a SAML assertion or session cookie on a web server if I have a session token?

What I have so far
1.) Create session token with /authn
2.) Attempt to get JSESSIONID cookie value with embed link + session token query param
3.) Attempt to use JSESSIONID cookie with application login page to gain CSRF token.

Walrus · March 19, 2019, 9:15pm

I think I might need to initiate a SAML SSO but I’m not sure exactly how. Can anyone better explain the endpoint and params required for this?

Also, think this is intended to be visited in a browser, and I’m wanting to get this on a server. I’m sure I could scrape a browser window on the server side, but that seems not ideal.

Post		Replies	Views
Session Token and Session Cookie Questions api	14	4582	February 13, 2024
Documentation Question: Sessions API - SAML Set Cookie SAML	3	2961	September 1, 2022
How to use the API Create Session With Session Token API api	4	2295	February 14, 2024
Review of SSO approach / Okta API SAML	4	4884	January 17, 2024
Re-use session token for getting Multiple saml assertions Questions	2	2381	November 8, 2022

Session token to session cookie SAML - Web Server

Related topics